The decentralized music streaming platform Audius was hacked over the weekend, with threat actors stealing over 18 million AUDIO tokens worth approximately $6 million.
Hello everyone – our team is aware of reports of an unauthorized transfer of AUDIO tokens from the community treasury. We are actively investigating and will report back as soon as we know more.
If you'd like to help our response team, please reach out.— Audius 🎧 (@AudiusProject) July 24, 2022
After a hacker stole $6 million worth of AUDIO tokens this weekend, the platform responded within minutes by freezing several services until the developers could deploy fixes to prevent further theft of tokens.
According to a post-mortem report published by Audius on Sunday, the hacker exploited a bug in the contract initialization code that allowed them to perform repeated invocations of the initialize functions.
This enabled the intruder to transfer 18.5 million AUDIO tokens held by the so-called “community treasury” to their wallet, essentially stealing a significant amount of money and changing the platform’s governance dynamics.
